2025-01-18 09:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)

* contrib/hbssl/evp.c
    * clear key and iv buffers before passing them to EVP_BytesToKey()
      otherwise some uninitialized bytes are accessed and valgrind reports
      uninitialized memory access

  * contrib/hbssl/evpciph.c
    ! fixed typo in index in my previous commit

  * contrib/hbssl/tests/digest.prg
    ! use OPENSSL_VERSION_NUMBER() instead of OPENSSL_VERSION() to retrieve
      the OpenSSL version number

  * contrib/hbssl/tests/inetssl.prg
    * updated to use 2048-bit RSA certificates instead of 1024-bit ones,
      which are no longer supported by modern OpenSSL libraries

  * contrib/hbssl/tests/pem.prg
    * cleaned output
Przemysław Czerpak
2025-01-18 09:33:49 +01:00
parent 60e9a0e663
commit fe96da68f6
6 changed files with 30 additions and 6 deletions


@@ -7,6 +7,26 @@
Entries may not always be in chronological/commit order.
See license at the end of file. */
2025-01-18 09:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/evp.c
* clear key and iv buffers before passing them to EVP_BytesToKey()
otherwise some uninitialized bytes are accessed and valgrind reports
uninitialized memory access
* contrib/hbssl/evpciph.c
! fixed typo in index in my previous commit
* contrib/hbssl/tests/digest.prg
! use OPENSSL_VERSION_NUMBER() instead OPENSSL_VERSION() to retrieve
OpenSSL version number
* contrib/hbssl/tests/inetssl.prg
* updated to use 2048 RSA certificates instead of 1024 ones which are
no more supported by modern OpenSSL libraries
* contrib/hbssl/tests/pem.prg
* cleaned output
2025-01-18 05:03 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* src/rdd/dbfnsx/dbfnsx1.c
* src/rtl/dates.c


@@ -96,6 +96,9 @@ HB_FUNC( EVP_BYTESTOKEY )
unsigned char key[ EVP_MAX_KEY_LENGTH ];
unsigned char iv[ EVP_MAX_IV_LENGTH ];
memset( key, 0, sizeof( key ) );
memset( iv, 0, sizeof( iv ) );
hb_retni( EVP_BytesToKey( cipher,
( HB_SSL_CONST EVP_MD * ) md,
( HB_SSL_CONST unsigned char * ) hb_parc( 3 ) /* salt */,
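Review bot: `key` and `iv` hold the derived key material in stack buffers, and nothing in this hunk wipes them once the result has been handed back; HB_FUNC( EVP_BYTESTOKEY ) continues past the hunk, so confirm whether its tail already does so. If it does not, `OPENSSL_cleanse( key, sizeof( key ) );` and `OPENSSL_cleanse( iv, sizeof( iv ) );` after the values are stored would keep them from lingering on the stack, where a plain trailing memset() can be optimized away. The two new memset() calls would also benefit from a one-line comment such as `/* EVP_BytesToKey() writes only the cipher's key and IV length; zero the rest */`, so the initialization is not later removed as redundant.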


@@ -1030,7 +1030,7 @@ HB_FUNC( EVP_SEALINIT )
npubk = ( int ) hb_arrayLen( pArray = hb_param( 5, HB_IT_ARRAY ) );
for( tmp = 1; tmp <= npubk; ++tmp )
{
if( hb_EVP_PKEY_get( hb_arrayGetItemPtr( pArray, tmp + 1 ) ) == NULL )
if( hb_EVP_PKEY_get( hb_arrayGetItemPtr( pArray, tmp ) ) == NULL )
{
npubk = 0;
break;
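Review bot: `pArray` is assigned from `hb_param( 5, HB_IT_ARRAY )` inside the `hb_arrayLen()` argument, and the hunk shows no check that parameter 5 actually is an array before the result is used; the enclosing block of HB_FUNC( EVP_SEALINIT ) starts above the hunk, so confirm that a guard exists there. Splitting the statement into `pArray = hb_param( 5, HB_IT_ARRAY );` followed by `npubk = pArray ? ( int ) hb_arrayLen( pArray ) : 0;` makes the validation visible at the point of use. A short comment on the loop, e.g. `/* Harbour arrays are 1-based: valid indexes are 1..npubk */`, would document why `tmp` and not `tmp + 1` is the right index.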


@@ -17,7 +17,7 @@ PROCEDURE Main()
OpenSSL_add_all_digests()
OpenSSL_add_all_ciphers()
? "Version built against:", hb_NumToHex( OPENSSL_VERSION() )
? "Version built against:", hb_NumToHex( OPENSSL_VERSION_NUMBER() )
? "Version loaded:", hb_NumToHex( SSLeay() )
ctx := EVP_MD_CTX_create()


@@ -156,12 +156,12 @@ STATIC FUNCTION LoadCertificates( ssl_ctx, cCertFile, cKeyFile )
/* Server using hb_inetSSL_ACCEPT() needs certificates,
they can be generated using the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-out <cCertFile> -keyout <cKeyFile>
*/
IF ! hb_FileExists( cCertFile ) .AND. ! hb_FileExists( cKeyFile )
? "SERVER: generating certificates..."
hb_run( "openssl req -x509 -nodes -days 365 -newkey rsa:1024 " + ;
hb_run( "openssl req -x509 -nodes -days 365 -newkey rsa:2048 " + ;
"-out " + cCertFile + " -keyout " + cKeyFile )
ENDIF
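Review bot: The `hb_run()` command line is built by concatenating `cCertFile` and `cKeyFile` unquoted, so a name containing a space or a shell metacharacter changes the command that is executed, and the return value of `hb_run()` is ignored. For a test with fixed file names this is low risk, but the example is likely to be copied; quoting both names and checking the result, e.g. `IF hb_run( cCmd ) != 0`, before the certificates are loaded would make a failed or altered generation visible. The guard also uses `.AND.`, so when only one of the two files exists nothing is regenerated; confirm that is intended. LoadCertificates() continues outside the hunk.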


@@ -12,8 +12,8 @@ PROCEDURE Main()
SSL_init()
? ERR_load_PEM_strings()
? OpenSSL_add_all_algorithms()
ERR_load_PEM_strings()
OpenSSL_add_all_algorithms()
bioe := BIO_new_fd( 1, HB_BIO_NOCLOSE )
@@ -66,6 +66,7 @@ B0NDIZKbaPJHHPb9Ne7nQECzv0/kzmAley9UMTZ1M7fq6KYemR0LsA==
STATIC FUNCTION cb_function( lWrite )
? "Callback (func)", lWrite
?
RETURN "test"